Assuring safety with “the other” SMS

5 02 2010

I’m currently reading a relatively recent advisory circular from the FAA, AC120-92 [PDF], “Introduction to Safety Management Systems for Air Operators”.  It’s for a research project, but I have no shame in admitting that I’d probably be browsing through it even if I didn’t have a grade pushing me along.

A safety management system is the regulatory way of saying to airlines, “Look – your guys’ operations have become so complex and diverse that we’re going to grant airline management some autonomy in the safety department.  Using this framework [plunks a 40-page document on the desk] we want you to establish a safety program that can adapt and evolve with time.  Report to us.  Due soon.  Thanks.”  That’s the quick and dirty of it.

James Reason is just a small mouse in a big world of Swiss Cheese models.

Nick Sabatini, the former associate administrator for aviation safety for the FAA, spoke at IASS (International Aviation Safety Seminar – I know…) in Beijing last fall.  He explained SMS in more eloquent terms as an “evolution of safety” that is “culture-driven, highly measurable, and analytical”

Which is true.  The culture-driven part, especially, as it signals a shift in focus away from a sheltered Orwellian workplace that some airlines have unfortunately adopted to a more natural and approachable environment.  A culture comes to be from common beliefs and values (towards safety, say) that develop organically and authentically.  From that, behavioral norms begin to emerge to the point where behavior that is universally embraced is also behavior universally practiced.  But it’s a gradual process.  (See James Reason’s seminal “Managing the Risks of Organizational Accidents” p. 192 for more.  He made the Swiss Cheese model.)

So an SMS is constructed around four central ideas: safety policy (the commitment from management); safety risk management (identification, analysis, and control of hazards); safety assurance (monitor of effectiveness); and safety promotion (culture).  What caught my attention was something on page seventeen of the AC about safety assurance and how to get the information for proper decisionmaking:

The highlighting is mine and the yellow quote bubble shows that I left a note in the margin.  My note has to do with the fact that, by this definition, safety assurance is still relatively unchanged.  The very safety intelligence that drives the whole SMS can not be fenced in by the bureaucracy and regimen that is consistent with pre-SMS safety philosophy if the whole project hinges on a culture that is dynamic and constantly evolving.

Here, safety assurance essentially takes place in an echo chamber where decision-makers are exposed only to the information the system is designed to share.  Top-down analysis and conclusions may fail to recognize more systemic, yet casual and seldom-reported impediments to safety.  Employee reporting systems are, indeed, effective in collecting information, but they always have and always will amount to a broad channel that feeds from single employees to many in management.  With just the Aviation Safety Reporting System (ASRS) and other structured interactions, valuable insight from people at the sharp-end of the airplane are at risk of being stovepiped into obscurity.

For safety to truly be generative, people with information should not be bound by formal reporting systems.  Greater, broader platforms of communication can elicit productive discussions about a hazard and even shed light on new or potential threats.

This is where a discussion about Enterprise 2.0 and emergent media (that is, media that produces emergent phenomenon) kicks off.  But I’d like to hear your reactions about what I’ve said so far.  Leave comments!